Menu

Blog

Sep 23, 2022

Researchers Disclose Critical Vulnerability in Oracle Cloud Infrastructure

Posted by in category: futurism

Researchers have disclosed a new severe Oracle Cloud Infrastructure (OCI) vulnerability that could be exploited by users to access the virtual disks of other Oracle customers.

“Each virtual disk in Oracle’s cloud has a unique identifier called OCID,” Shir Tamari, head of research at Wiz, said in a series of tweets. “This identifier is not considered secret, and organizations do not treat it as such.”

“Given the OCID of a victim’s disk that is not currently attached to an active server or configured as shareable, an attacker could ‘attach’ to it and obtain read/write over it,” Tamari added.

Comments are closed.